-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-30-2 Safari 9 Safari 9 is now available and addresses the following: Safari Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to user interface spoofing Description: Multiple user interface inconsistencies may have allowed a malicious website to display an arbitrary URL. These issues were addressed through improved URL display logic. CVE-ID CVE-2015-5764 : Antonio Sanso (@asanso) of Adobe CVE-2015-5765 : Ron Masas CVE-2015-5767 : Krystian Kloskowski via Secunia, Masato Kinugawa Safari Downloads Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: LaunchServices' quarantine history may reveal browsing history Description: Access to LaunchServices' quarantine history may have revealed browsing history based on file downloads. This issue was addressed through improved deletion of quarantine history. Safari Extensions Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Local communication between Safari extensions and companion apps may be compromised Description: The local communication between Safari extensions such as password managers and their native companion apps could be comprised by another native app. This issue was addressed through a new, authenticated communications channel between Safari extensions and companion apps. Safari Extensions Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Safari extensions may be replaced on disk Description: A validated, user-installed Safari extension could be replaced on disk without prompting the user. This issue was addressed by improved validation of extensions. CVE-ID CVE-2015-5780 : Ben Toms of macmule.com Safari Safe Browsing Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Navigating to the IP address of a known malicious website may not trigger a security warning Description: Safari's Safe Browsing feature did not warn users when visiting known malicious websites by their IP addresses. The issue was addressed through improved malicious site detection. Rahul M (@rahulmfg) of TagsDock WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Partially loaded images may exfiltrate data across origins Description: A race condition existed in validation of image origins. This issue was addressed by improved validation of resource origins. CVE-ID CVE-2015-5788 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5789 : Apple CVE-2015-5790 : Apple CVE-2015-5791 : Apple CVE-2015-5792 : Apple CVE-2015-5793 : Apple CVE-2015-5794 : Apple CVE-2015-5795 : Apple CVE-2015-5796 : Apple CVE-2015-5797 : Apple CVE-2015-5798 : Apple CVE-2015-5799 : Apple CVE-2015-5800 : Apple CVE-2015-5801 : Apple CVE-2015-5802 : Apple CVE-2015-5803 : Apple CVE-2015-5804 : Apple CVE-2015-5805 CVE-2015-5806 : Apple CVE-2015-5807 : Apple CVE-2015-5808 : Joe Vennix CVE-2015-5809 : Apple CVE-2015-5810 : Apple CVE-2015-5811 : Apple CVE-2015-5812 : Apple CVE-2015-5813 : Apple CVE-2015-5814 : Apple CVE-2015-5815 : Apple CVE-2015-5816 : Apple CVE-2015-5817 : Apple CVE-2015-5818 : Apple CVE-2015-5819 : Apple CVE-2015-5821 : Apple CVE-2015-5822 : Mark S. Miller of Google CVE-2015-5823 : Apple WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: An attacker may be able to create unintended cookies for a website Description: WebKit would accept multiple cookies to be set in the document.cookie API. This issue was addressed through improved parsing. CVE-ID CVE-2015-3801 : Erling Ellingsen of Facebook WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: The Performance API may allow a malicious website to leak browsing history, network activity, and mouse movements Description: WebKit's Performance API could have allowed a malicious website to leak browsing history, network activity, and mouse movements by measuring time. This issue was addressed by limiting time resolution. CVE-ID CVE-2015-5825 : Yossi Oren et al. of Columbia University's Network Security Lab WebKit Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Visiting a malicious website may lead to unintended dialing Description: An issue existed in handling of tel://, facetime://, and facetime-audio:// URLs. This issue was addressed through improved URL handling. CVE-ID CVE-2015-5820 : Guillaume Ross, Andrei Neculaesei WebKit CSS Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: A malicious website may exfiltrate data cross-origin Description: Safari allowed cross-origin stylesheets to be loaded with non-CSS MIME types which could be used for cross-origin data exfiltration. This issue was addressed by limiting MIME types for cross-origin stylesheets. CVE-ID CVE-2015-5826 : filedescriptior, Chris Evans WebKit JavaScript Bindings Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Object references may be leaked between isolated origins on custom events, message events and pop state events Description: An object leak issue broke the isolation boundary between origins. This issue was addressed through improved isolation between origins. CVE-ID CVE-2015-5827 : Gildas WebKit Page Loading Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: WebSockets may bypass mixed content policy enforcement Description: An insufficient policy enforcement issue allowed WebSockets to load mixed content. This issue was addressed by extending mixed content policy enforcement to WebSockets. Kevin G Jones of Higher Logic WebKit Plug-ins Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11 Impact: Safari plugins may send an HTTP request without knowing the request was redirected Description: The Safari plugins API did not communicate to plugins that a server-side redirect had happened. This could lead to unauthorized requests. This issue was addressed through improved API support. CVE-ID CVE-2015-5828 : Lorenzo Fontana Safari 9 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWDB23AAoJEBcWfLTuOo7teGkQAK3KZHfKYeJ6NJP2rdBCeGGE 0zPFtcgjzbHSOG1KB5Q/gHBChmVukmgC/QCCueKmA5TOxXjhuEj2CRpe/+Zf349H zvfdvU2Q4qM7byOY/q7g77Cae6K/nrnX7FaHRjdREniZUBIsm826o69Qbpeudlns n4IhPIaUPiq0M+o1EzPgnHWJ1GpHcFD7C0bZ6tSlBea8iJi2Ai9EOZUXaskJg2mx 9tCijYN8IVKGApJT3CiFUHgx9zgDq9vbWJ1spnxwK0IgYd8zhEf18sZZmdAd5szS bpU1KyFsFRYqRjV4ctTBhj8FnZ4Cjxxq9xXXGNrrlsIXBBRDENNiwUaHhoiYVBjH mPV76aNQjgImbi2T3gamUFZLSB8IdklMbFXo+HYUX3k4eDis0f/dFRoDb4XWfXiX 168c79nGIc6bDz+7tP7Z7gC9rYCJRdJqHObky+2K1A43Urp1EkgH8oy+a2EbstfY wvoQ/kUkFsDY3NM4xwa9gqhdYFcJSQy0kfzcZB/LinjLSEBkG/7nu+XuWlrwSavJ qLvUyUpdP5ei0Scmz8YCymrf2aMG4yZEN4PyUkBPPW2DgNiXgbE5K+8kHnqmUlRF OJ9+P/2tIED63euI0n1UcrfLOHAEUgZe2jmVfye7BB9KreVh02u/ziFl46Gghdsd TksTuX7uQIiE70E/qZlh =FuAM -----END PGP SIGNATURE-----